Farm

Use the information in this section to configure a farm using the Provisioning Console. This section includes information about the following elements:

  • General Tab
  • Security Tab
  • Groups Tab
  • Licensing Tab
  • Options Tab
  • vDisk Version Tab
  • Status Tab
  • Problem Report Tab

Image of farm properties

The tables that follow identify and describe properties on each tab of the Farm Properties dialog.

General tab

Field Description
Name Enter or edit the name of this farm.
Description Enter or edit a description for this farm.

Security tab

Field Description
Add button Click the Add button to apply farm administrator privileges to a group. Check each box next the groups to which farm administrator privileges should apply.
Remove button Click the Remove button to remove groups from those groups with farm administrator privileges. Check each box next the groups to which farm administrator privileges should not apply.

Groups tab

Field Description
Add button Click the Add button to open the Add System Groups dialog. To display all security groups, leave the text box set to the default ‘’. To display select groups, type part of the name using wildcards ‘’. For example, if you want to see MY_DOMAIN\Builtin\Users, type: User, Users, or *ser. However, if you type MY_DOMAIN\Builtin*, you get all groups, not just those groups in the MY_DOMAIN\Builtin path. Select the checkboxes next to each group that should be included in this farm. Note: Filtering on groups was introduced in 5.0 SP2 for efficiency purposes.
Remove button Click the Remove button to remove existing groups from this farm. Highlight the groups to which privileges should not apply.

Licensing tab

Field Description
License server name Type the name of the Citrix License Server in this textbox.
License server port Type the port number that the license server should use or accept the default, which is 27000.

Options tab

Field Description
Auto add When using this feature, select the site used by new target devices. If the No default site is chosen, the site of that Provisioning Server that logs in the target device is used. Use the No default site setting if your farm has site scoped PXE/TFTP servers. Important: This feature should only be enabled when expecting to add new target devices. Leaving this feature enabled could result in computers being added without the approval of a farm administrator.
Auditing Enable or disable the auditing feature for this farm.
Offline database support Enable or disable the offline database support option. This option allows Provisioning Servers within this farm, to use a snapshot of the database in case the connection to the database is lost.

vDisk version tab

Field Description
Alert if number of versions from base image exceeds: Set an alert should the number of versions from the base image be exceeded.
Default access mode for new merge versions Select the access mode for the vDisk version after a merge completes. Options include; Maintenance, Test (default), or Production. Note: If the access mode is set to Production and a test version exists, the state of the resulting auto-merged version is automatically set to Maintenance or Test. If a Maintenance version exists, an automatic merge is not performed.
Merge after automated vDisk update, if over alert threshold Enable automatic merge. Check to enable the automatic merge feature should the number or vDisk versions exceed the alert threshold. Minimum value is 3 and Maximum value is 100.

Status tab

Field Description
Status of the farm Provides database status information and information on group access rights being used.

Using the Console to configure a farm

Run the Configuration Wizard on a Provisioning Server when creating a farm, adding new Provisioning Servers to an existing farm, or reconfiguring an existing Provisioning Server.

If all Provisioning Servers in the farm share configuration settings such as site and store information, consider Running the Configuration Wizard Silently.

Configuration Wizard settings

Before running the Configuration Wizard, be prepared to make the following selections (described in detail below):

  • Network Topology
  • Identify the Farm
  • Identify the Database
  • Identify the Site
  • License Server Settings
  • Select Network Cards for the Stream Service
  • Configure Bootstrap Server

Note:

If errors occur during processing, the log is written to a ConfigWizard.log file, which is at C:\ProgramData\Citrix\Citrix Provisioning.

Tip:

The Configuration Wizard was modified at release 7.12 to include support for Linux Streaming. Refer to the installation article for information about the Linux streaming component.

Starting the Configuration Wizard

The Configuration Wizard starts automatically after Citrix Provisioning software is installed. The wizard can also be started by selecting Start > All Programs > Citrix > Citrix Provisioning > Citrix Provisioning Configuration Wizard.

Network topology

Complete the network configuration steps that follow.

  1. Select the network service to provide IP addresses

    Note: Use existing network services if possible. If existing network services cannot be used, choose to install the network services that are made available during the installation process.

    To provide IP addresses to target devices, select from the following network service options:

    • If the DHCP service is on this server, select the radio button next to one of the following network services to use, then click Next:
      • Microsoft DHCP
      • Provisioning Services BOOTP service
      • Other BOOTP or DHCP service
    • If the DHCP service is not on this server, select the radio button next to The service is running on another computer, then click Next.
  2. Select the network service to provide PXE boot information

    Each target device downloads a boot file from a TFTP server.

    Select the network service to provide target devices with PXE boot information:

    • If you use Citrix Provisioning to deliver PXE boot information, select The service that runs on this computer. Then select from either of the following options, then click Next:
      • Microsoft DHCP (options 66 and 67)
      • Citrix Provisioning PXE Service
    • If Citrix Provisioning does not deliver PXE boot information, select The information is provided by a service on another device option, then click Next.

Identify the farm

  1. Select from the following farm options:
    • Farm is already configured

      Select this option to reconfigure an existing farm, then continue on to the “Configure user account settings” procedure. This option only appears if a farm exists.

    • Create farm

      1. On the Farm Configuration dialog, select the Create Farm radio button to create a farm, then click Next.
      2. Use the Browse button to browse for existing SQL databases and instances in the network, or type the database server name and instance. Optionally, enter a TCP port number to use to communicate with this database server. Note: The combination of the database name and farm name should not exceed 54 characters. In such cases, the farm name may display as a truncated entry in the Existing Farms screen.
      3. To enable database mirroring, enable the Specify database mirror failover partner option, then type or use the Browse button to identify the failover database server and instance names. Optionally, enter a TCP port number to use to communicate with this server.
      4. Click Next to continue to the next step, select the database location.
    • Join existing farm

      1. On the Farm Configuration dialog, select the Join Existing Farm radio button to add this Provisioning Server to an existing farm, then click Next.
      2. Use the Browse button to browse for the appropriate SQL database and instance within the network.
      3. Select the farm name that displays by default, or scroll to select the farm to join. Note: More than one farm can exist on a single server. This configuration is common in test implementations.
      4. To enable database mirroring, enable the Specify database mirror failover partner option, then type or use the Browse button to identify the failover database server and instance names. Optionally, enter a TCP port number to use to communicate with this server.
      5. Click Next.
      6. Select from the following site options, then click Next:
        • Existing Site: Select the site from the drop-down menu to join an existing site.
        • New Site: Create a site by typing the name of the new site and a collection.

      Continue on to configure the user account settings.

Identify the database

Only one database exists within a farm. To identify the database:

  1. If the database server location and instance have not yet been selected, complete the following procedure.

    1. On the Database Server dialog, click Browse to open the SQL Servers dialog.
    2. From the list of SQL Servers, select the name of the server where this database exists. Specify the instance to use (to use the default instance, SQLEXPRESS, leave the instance name blank). In a test environment, this configuration may be a staged database. Note: When rerunning the Configuration Wizard to add extra Provisioning Servers database entries, the Server Name and Instance Name text boxes are already populated. By default, SQL Server Express installs as an instance named ‘SQLEXPRESS’.
    3. Click Next. If this database is a new farm, continue on to the “Defining a Farm” procedure.
  2. To change the database to a new database

    1. On the old database server, perform a backup of the database to a file.
    2. On the new database server, restore the database from the backup file.
    3. Run the Configuration Wizard on each Provisioning Server.
    4. Select Join existing farm on the Farm Configuration dialog.
    5. Enter the new database server and instance on the Database Server dialog.
    6. Select the restored database on the Existing Farm dialog.
    7. Select the site that the Server was previously a member of on the Site dialog.
    8. Click Next until the Configuration Wizard finishes.
  3. Define a farm. Select the security group to use:

    • Use Active Directory groups for security Note: When selecting the Active Directory group to act as the Farm Administrator from the drop-down list, choices include any group the current user belongs to. This list includes Built in groups, which are local to the current machine. Avoid using these groups as administrators, except for test environments. Some group names may be misleading and appear to be Domain groups, but are local Domain groups. For example: ForestA.local/Builtin/Administrators.
    • Use Windows groups for security
  4. Click Next.

    Continue on to select the license server.

Create a store for a new farm

A new store can be created and assigned to the Provisioning Server being configured:

Note: The Configuration Wizard only allows a server to create or join an existing store if it is new to the database. If a server exists in the database and it rejoins a farm, the Configuration Wizard may prompt the user to join a store or create a store, but the selection is ignored.

  1. On the New Store page, name the new Store.
  2. Browse or enter the default path (for example: C:\PVSStore) to use to access this store, then click Next. If an invalid path is selected, an error message appears. Reenter a valid path, then continue. The default write cache location for the store is located under the store path for example: C:\PVSStore\WriteCache.

Identify the site

When joining an existing farm, identify the site where this Provisioning Server is a member. You can do this by either creating a site or selecting an existing site within the farm. When a site is created, a default target device collection is automatically created for that site

Select the license server

  1. Enter the name (or IP address) and port number of the license server (default is 27000). The Provisioning Server must be able to communicate with the license server to get the appropriate product licenses.
  2. Optionally, select the check box Validate license server version and communication. This option verifies that the license server is able to communicate with this server and that the appropriate version of the license server is being used. If the server is not able to communicate with the license server, or the wrong version of the license server is being used, an error message appears. You cannot proceed.
  3. Click Next to continue on to configure user account settings.

Configure user account settings

The Stream and Soap services run under a user account. To provide database access privileges to this user account, Data reader and Data writer database roles are configured automatically using the Configuration wizard.

  1. On the User Account dialog, select the user account that the Stream and Soap services run under:
    • Network service account (minimum privilege local account that authenticates on the network as computers domain machine account).
    • Specified user account (required when using a Windows Share; workgroup or domain user account). Type the user name, domain, and password information in the appropriate text boxes.
  2. Click Next, then continue on to selecting network cards for the Stream Service.

Group managed service accounts

Citrix Provisioning supports Group Managed Service Accounts (gMSA). These accounts are managed domain accounts providing automatic password management and simplified SPN management over multiple servers.

localized image

Creating self-signed certificates for Linux streaming

When configuring Citrix Provisioning for streaming Linux Desktops, the Linux target devices must be linked to the Provisioning Soap server via an SSL connection. The CA certificate must be present on both the Provisioning Server and the target device.

Using the Citrix Provisioning Configuration Wizard, you can choose to add the proper certificate from the provisioning Soap container, specifically for Linux Desktops.

Creating self signed certificates with PoSH

To create a certificate:

1. Use the following PowerShell command (as an administrator) to create a self-signed certificate that is placed into the provisioning Soap container:

#New-SelfSignedCertificate –Type SSLServerAuthentication –Container PVSSoap –Subject “CN=PVS-01.fqdn” –CertStoreLocation “Cert:\LocalMachine\My” –KeyExportPolicy Exportable

localized image

2. Import the generated certificate into the local machine’s Trusted Root Certificate Authority store from the Personal store.

3. Run the Citrix Provisioning Configuration Wizard. At the Soap SSL Configuration prompt, choose the newly generated certificate by highlighting in blue, and continue through the wizard:

localized image

Tip:

When the Soap SSL Configuration page first loads the certificate is highlighted (in gray) which gives the appearance that it is selected. Ensure that the certificate is selected. It should turn blue to indicate that it has been selected.

Select network cards for the Stream Service

  1. Select the check box next to each of the network cards that the Stream Service can use.
  2. Enter the base port number that is used for network communications in the First communications port: text box.

    Note:

    A minimum of 20 ports are required within the range. All Provisioning Servers within a farm must use the same port assignments.

  3. Select the Soap Server port (default is 54321) to use for Console access, then click Next.

Continue on to select the bootstrap server.

Configure the bootstrap server

  1. Select the bootstrap server. To use the TFTP service on this Provisioning Server:
    1. Select the Use the TFTP Service option, then enter or browse for the boot file. The default location is: C:\Documents and Settings\All Users\ProgramData\Citrix\Provisioning Services\Tftpboot

      If a previous version of Citrix Provisioning was installed on this server, and the default location is:

      C:\Program Files\Citrix\Provisioning Services\TftpBoot

      run the Configuration Wizard to change the default location to:

      C:\Documents and Settings\All Users\ProgramData or ApplicationData\Citrix\Provisioning Services\Tftpboot

      If the default is not changed, the bootstrap file cannot be configured from the Console and target devices fail to boot. The message ‘Missing TFTP’ appears.

    2. Click Next.

  2. Select Provisioning Servers to use for the boot process:
    1. Use the Add button to add more Provisioning Servers to the list. The Edit button to edit existing information, or Remove to remove the Provisioning Server from the list. Use the Move up or Move down buttons to change the Provisioning Server boot preference order. The maximum length for the server name is 15 characters. Do not enter the FQDN for the server name. In an HA implementation, at least two Provisioning Servers must be selected as boot servers.

    2. Optionally, highlight the IP address of the Provisioning Server that target devices will boot from, then click Advanced. The Advanced Stream Servers Boot List appears.

      The following list describes advanced settings that you can choose from. After making your selections, click OK to exit the dialog, then click Next to continue.

    • Verbose mode: Select the Verbose Mode option if you want to monitor the boot process on the target device (optional) or view system messages.
    • Interrupt safe mode: Select Interrupt Safe Mode if you are having trouble with your target device failing early in the boot process. This option enables debugging of target device drivers that exhibit timing or boot behavior problems.
    • Advanced memory support: This setting enables the bootstrap to work with newer Windows OS versions and is enabled by default. Disable this setting on Windows Server OS 32 bit versions that do not support PAE. Or if your target device is hanging or behaving erratically in early boot phase.
    • Network recovery method:
      • Restore Network Connections: Selecting this option results in the target device attempting indefinitely to restore its connection to the Provisioning Server.

        Note:

        Because the Seconds field does not apply, it becomes inactive when selecting the Restore Network Connections option.

      • Reboot to Hard Drive: (A hard drive must exist on the target device). Selecting this option instructs the target device to perform a hardware reset to force a reboot after failing to re-establish communications for a defined number of seconds. The user determines the number of seconds to wait before rebooting. Assuming the network connection cannot be established, PXE fails and the system will reboot to the local hard drive. The default number of seconds is 50, to be compatible with HA configurations.
    • Logon polling timeout: Enter the time in milliseconds between retries when polling for Provisioning Servers. Each Provisioning Server is sent a login request packet in sequence. The first server that responds is used. In non-HA configurations, this time-out simply defines how often to retry the single available server with the initial login request. This time-out defines how quickly the round-robin routine switches from one Provisioning Server to the next in trying to find an active server. The valid range is from 1,000 to 60,000 milliseconds.
    • Log in general timeout: Enter the time-out in milliseconds for all login associated packets, except the initial login polling time-out. This time-out is longer than the polling time-out. This is because the Provisioning Server needs time to contact all associated servers, some of which may be down. Unreachable servers require retries and time-outs from the Provisioning Server to the other Provisioning Servers to determine if they online. The valid range is from 1,000 to 60,000 milliseconds.
  3. Verify that all configuration settings are correct, then click Finish.

Bootstrap configurations can be reconfigured by selecting the Configure Bootstrap option from the Provisioning Services Action menu in the Console.